1105 Views, 20 Helpful, 6 Replies

Restrict communication between ports in the layer 3 switch

WangSteven02215
Level 1

Hi, I have no expertise in networking. I always appreciate your taking the time to answer my question.

 

We will connect independent systems (System A and System B) using an L3 switch (Catalyst 9300) and send the syslog to the cyber security operation center, as in the attached picture.

* System A and System B each consist of an L2 switch (Catalyst 2960).

 

To prevent each system from accessing the other, we would like to ensure that data coming in through ports 1~3 is forwarded only to port 4. Is it possible to implement this by changing the settings of the Catalyst 9300?

 

[Attached image: SYStem ABC.JPG]

 

 

6 Replies

balaji.bandi
Hall of Fame

Question: is the Cat 9300 only for sending the syslog to the cybersecurity operation center?

 

You can deploy an ACL on the Cat 9300 and allow the source networks of A and B to communicate only with the syslog server IP,

so they cannot communicate with each other's network IP address range.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you for your reply.

 

Yes, the Cat 9300 transmits only syslog to the cybersecurity operation center.

Hello,

 

I assume System A and System B are on different subnets, and the layer 3 switch is doing the inter-VLAN routing?

 

You can use a simple access list to keep both systems from communicating with each other. The configuration would look something like the following:

 

! Catalyst 9300 front-panel ports are named 1/0/x; SVI routing needs ip routing.
ip routing
!
interface GigabitEthernet1/0/1
 description Port 1 Link to System A
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description Port 2 Link to System B
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/3
 description Port 3 Link to System B
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 description Port 4 Link to Syslog
 no switchport
 ip address 172.16.1.1 255.255.255.0
!
! Extended (100-199) ACL entries need a protocol keyword ("ip").
! 101: drop A -> B, allow everything else that A routes (the syslog subnet).
access-list 101 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
! 102: mirror image for B -> A. Without a filter on VLAN 20 as well, System B
! can still push one-way (UDP) traffic into System A; only A's replies are dropped.
access-list 102 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group 102 in
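A tighter variant of the filter in the reply above, added here as an example and not part of the original post: instead of denying A-to-B and permitting everything else, each SVI permits only syslog (UDP/514) toward the collector and logs anything else. The addressing follows the reply (192.168.10.0/24 on VLAN 10, 192.168.20.0/24 on VLAN 20); the syslog server address 172.16.1.2 and the use of UDP/514 are assumptions. The inbound ACL on an SVI filters only traffic that is routed off the VLAN, so the isolation also relies on ports 1~3 staying access ports (a trunk from one 2960 carrying the other system's VLAN would bypass it).

```cisco
! Whitelist filter: each system may send syslog to the collector and nothing else.
! Assumed: collector 172.16.1.2 behind port 4, UDP/514 (change to tcp / the
! right port if the SOC uses TCP or TLS syslog).
ip access-list extended SYSTEM-A-IN
 permit udp 192.168.10.0 0.0.0.255 host 172.16.1.2 eq 514
 deny   ip any any log
!
ip access-list extended SYSTEM-B-IN
 permit udp 192.168.20.0 0.0.0.255 host 172.16.1.2 eq 514
 deny   ip any any log
!
interface Vlan10
 ip access-group SYSTEM-A-IN in
!
interface Vlan20
 ip access-group SYSTEM-B-IN in
!
! Checks, run on the switch:
!   show ip access-lists SYSTEM-A-IN
!     per-entry match counters; a growing count on "deny ip any any log"
!     means a host in System A is trying to reach something other than syslog
!   show ip interface Vlan10 | include access list
!     confirms the ACL is actually bound inbound on the SVI
!   show logging | include SYSTEM-A-IN
!     the %SEC-6-IPACCESSLOGP lines for the logged denies (needs logging buffered)
```

Binding the named ACLs replaces any numbered ACL already applied to the SVIs. The "deny ... log" entries are what make this useful to the SOC: a hit on them is itself a signal that one system is probing the other, and the logged source address says which host.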

Use VRF if you can; a VRF separates the traffic.

Just to add a note: on the Cat 9K, VRF needs a Network Advantage license.

BB

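The VRF approach from the reply above, added here as an example (not configuration from the original thread): each system gets its own routing table, so there is no forwarding path between them regardless of ACLs, and only the syslog subnet is leaked into each VRF. The VRF names, the static-route leaking method and the collector address 172.16.1.2 are assumptions; the interfaces and subnets follow the earlier reply.

```cisco
! VRF-lite on the Catalyst 9300 (IOS-XE syntax; needs the Network Advantage license).
vrf definition SYSTEM-A
 address-family ipv4
 exit-address-family
!
vrf definition SYSTEM-B
 address-family ipv4
 exit-address-family
!
! Putting an SVI into a VRF clears its IP address, so re-enter it afterwards.
interface Vlan10
 vrf forwarding SYSTEM-A
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 vrf forwarding SYSTEM-B
 ip address 192.168.20.1 255.255.255.0
!
! Port 4 stays in the global routing table.
interface GigabitEthernet1/0/4
 description Port 4 Link to Syslog
 no switchport
 ip address 172.16.1.1 255.255.255.0
!
! Route leaking (assumed design): each VRF learns only a host route to the
! collector, resolved in the global table; the global table gets a route back
! to each system through its SVI. A and B never see each other's prefixes.
ip route vrf SYSTEM-A 172.16.1.2 255.255.255.255 172.16.1.2 global
ip route vrf SYSTEM-B 172.16.1.2 255.255.255.255 172.16.1.2 global
ip route 192.168.10.0 255.255.255.0 Vlan10
ip route 192.168.20.0 255.255.255.0 Vlan20
!
! Checks:
!   show vrf                       -> both VRFs with Vlan10 / Vlan20 assigned
!   show ip route vrf SYSTEM-A     -> 192.168.10.0/24 connected plus the single
!                                     172.16.1.2/32 leak, and no 192.168.20.0/24
!   ping vrf SYSTEM-A 192.168.20.1 -> must fail (no route), ping vrf SYSTEM-A
!                                     172.16.1.2 must succeed
```

One caveat with this design: the collector's subnet sits in the global table with routes to both systems, so a host on 172.16.1.0/24 can reach both A and B. If the SOC side should only receive syslog, add an inbound ACL on GigabitEthernet1/0/4 as well.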

stopher
Level 1

Hi Wang,

Simply put, a layer 3 switch combines the functionality of a switch and a router. It acts as a switch to connect devices that are on the same subnet or virtual LAN at lightning speeds and has IP routing intelligence built into it to double up as a router.

Regards
